package com.kun.config;

import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import com.kun.entity.Permission;
import com.kun.entity.Role;
import com.kun.entity.User;
import com.kun.service.RolePermissionService;
import com.kun.service.UserService;
import com.kun.util.UserExcludePwdUtil;

import java.util.List;

import javax.annotation.Resource;

public class MyShiroRealm extends AuthorizingRealm {
    @Resource
    private UserService userService;
    
    @Resource
    private RolePermissionService rolePermissionService;
    
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("权限配置-->MyShiroRealm.doGetAuthorizationInfo()");
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        User user  = (User)principals.getPrimaryPrincipal();
        List<Role> roleList = rolePermissionService.selectRoleAndPermissionByUserId(user.getId());
        //查权限
        for(Role role:roleList){
            authorizationInfo.addRole(role.getRoleName());
            for(Permission p:role.getPermissionList()){
                authorizationInfo.addStringPermission(p.getPermission());
            }
        }
        return authorizationInfo;
    }

    //身份校验
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        System.out.println("MyShiroRealm.doGetAuthenticationInfo()");
        //获取用户的输入的账号.
        String username = (String)token.getPrincipal();
        Object sObj = new Object();
        String sPwd = "";
        String sSalt = "";
        User user = new User();
        String qz = username.substring(0, 3);
        String hz = username.substring(username.length()-3, username.length());
        if(!"@@@".equals(qz)||!"!!!".equals(hz)){
        	System.out.println(token.getCredentials());
            user = userService.selectUserByLogUsername(username);
            System.out.println("----->>userInfo="+user);
            if(user == null){
            	throw new AccountException("登录失败:用户名/密码错误");
            }
        }else{
        	String realUserName = username.substring(3, username.length()-3);
        	user = userService.selectUserByRealUsername(realUserName);
            System.out.println("----->>adminInfo="+user);
            if(user == null){
            	throw new UnknownAccountException("登录失败:用户名/密码错误");
            }else if(user.getState()!=9){
            	throw new DisabledAccountException("登录失败:非管理员用户！");
            }
        }
        sPwd = user.getPassword();
        sSalt = user.getUsername() + user.getSalt();
        sObj = UserExcludePwdUtil.exclude(user);
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
        		sObj, //user
        		sPwd, //密码
        		ByteSource.Util.bytes(sSalt),//salt=username+realSalt
                getName()  //realm name
        );
        return authenticationInfo;
    }

}